Hello @Derek Cross ,
Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.
If I understand correctly, you would like to set up Always On VPN connections using Azure VPN which can connect to specified VPN servers before users sign in to the device. Please confirm if my understanding is correct.
An Always On VPN connection provides a device tunnel, which connects to specified VPN servers before users sign in to the device. Pre-sign-in connectivity scenarios and device management use a device tunnel.
Refer: https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-always-on-device-tunnel
Unlike user tunnel, which only connects after a user logs on to the device or machine, device tunnel allows the VPN to establish connectivity before the user logs on.
Device tunnel can only be configured on domain-joined devices running Windows 10 Enterprise or Education version 1709 or later. There is no support for third-party control of the device tunnel. If only a Device Tunnel is used on a system, you can configure a Name Resolution Policy table (NRPT). If a User Tunnel and a Device Tunnel are used on a system, you can use the Name Resolution Policy table (NRPT) only on the User Tunnel. Device tunnel does not support Force tunnel. You must configure it as Split tunnel.
Is it possible to get Azure P2S working before first login with no LAN connectivity?
I'm not sure if I understand this particular query. When you say no LAN connectivity, what are you referring to here?
An Always On VPN connection will work as long as there is network connectivity.
Refer: https://learn.microsoft.com/en-us/windows-server/remote/remote-access/vpn/vpn-device-tunnel-config
Kindly let us know if the above helps or you need further assistance on this issue.
Please don’t forget to "Accept the answer" wherever the information provided helps you; this can be beneficial to other community members.
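Added example, not part of the original answer or of Microsoft's documentation: a pre-deployment check that a VPNv2 ProfileXML meets the device tunnel constraints listed in the answer (device tunnel flag set, split tunnel only, NRPT kept on the user tunnel when both tunnels exist). The sample profile, its server name and addresses, and the `check_device_tunnel` helper with its `user_tunnel_present` parameter are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample profile; server name, domain and DNS address are placeholders.
# It deliberately breaks two of the constraints so the check has something to report.
SAMPLE_PROFILE = """
<VPNProfile>
  <NativeProfile>
    <Servers>vpn.example.test</Servers>
    <NativeProtocolType>IKEv2</NativeProtocolType>
    <Authentication><MachineMethod>Certificate</MachineMethod></Authentication>
    <RoutingPolicyType>ForceTunnel</RoutingPolicyType>
  </NativeProfile>
  <AlwaysOn>true</AlwaysOn>
  <DeviceTunnel>true</DeviceTunnel>
  <DomainNameInformation>
    <DomainName>.corp.example.test</DomainName>
    <DnsServers>10.0.0.10</DnsServers>
  </DomainNameInformation>
</VPNProfile>
"""

def _text(root, path):
    """Lower-cased text of the element at path, or '' if it is absent."""
    node = root.find(path)
    return (node.text or "").strip().lower() if node is not None else ""

def check_device_tunnel(profile_xml, user_tunnel_present=False):
    """Return a list of findings; an empty list means the profile passes."""
    root = ET.fromstring(profile_xml)
    findings = []
    if _text(root, "DeviceTunnel") != "true":
        findings.append("DeviceTunnel is not true: profile is not a device tunnel")
    if _text(root, "AlwaysOn") != "true":
        findings.append("AlwaysOn is not true")
    if _text(root, "NativeProfile/RoutingPolicyType") != "splittunnel":
        findings.append("RoutingPolicyType must be SplitTunnel: "
                        "device tunnel does not support force tunnel")
    # NRPT rules live in DomainNameInformation; with both tunnels deployed
    # they may only be configured on the user tunnel.
    if user_tunnel_present and root.find("DomainNameInformation") is not None:
        findings.append("NRPT (DomainNameInformation) must move to the user "
                        "tunnel when both tunnels are used")
    return findings

if __name__ == "__main__":
    for finding in check_device_tunnel(SAMPLE_PROFILE, user_tunnel_present=True):
        print("FAIL:", finding)
```

The check covers only the profile contents; the domain-join and Windows edition and version requirements still have to be verified on the device itself.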